“Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future,” a Google spokesman said via e-mail.

The attack potentially put at risk YouTube cookies of users who visited a compromised page, but it couldn’t be used to access their Google accounts, the spokesman said. As a precaution, YouTube users should log out of their account and log back in again.

What’s more concerning is that it seems individuals iTunes accounts have been hacked to make mass purchases of that one developer’s apps. (Update: this does not appear to just be one specific developer nor one particular set of apps any more. Details at the foot of this post.)